[Samba] Adding users to dirs, acl

John Drescher drescherjm at gmail.com
Thu Aug 28 13:46:31 GMT 2008

On Thu, Aug 28, 2008 at 5:51 AM, Keith Sudbury
<keith-lists at netzensolutions.com> wrote:
> I have some users I was to allow access to  a dir, I know I will need to
> setup ACL's however when this is done can I add users to dirs like I can in
> windows?
Yes, this works for me. Make sure your idmap is working.

Here is what works for me on a test domain called YOUR_DOMAIN

        idmap domains = YOUR_DOMAIN TRUSTEDDOMAINS
        idmap config YOUR_DOMAIN:backend  = nss
        idmap config YOUR_DOMAIN:readonly = yes
        idmap config TRUSTEDDOMAINS:default = yes
        idmap config TRUSTEDDOMAINS:backend = tdb
        idmap config TRUSTEDDOMAINS:range   = 10000 - 50000
        idmap alloc backend      = tdb
        idmap alloc config:range = 10000 - 50000

BTW, I am using ldap with this PDC
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/userdel -r "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"

        ldap admin dn = cn=Manager,dc=example,dc=net
        ldap delete dn = Yes
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Computers
        ldap suffix = dc=example,dc=net
        ldap ssl = no
        ldap user suffix = ou=Users

        ldapsam:trusted = yes
        ldapsam:editposix = yes


More information about the samba mailing list